Data privacy laws specify that personally identifiable information (PII) data associated with an individual must be destroyed after a purpose for retaining it has expired. These laws vary across geo-political boundaries. Customers also demand privacy and security regarding their PII data. For many organizations, the PII data is distributed across multiple systems and storage locations, possibly across geo-political boundaries subject to varying data privacy laws. Once it is determined that PII data must be destroyed, locating and deleting the PII data can be problematic. Locating the distributed PII data is often a time consuming and error-prone task. Ensuring the deletion of the located PII data may be technically challenging due to various storage formats and methods used to store and transfer the PII data. These challenges affect the organizations' ability to both comply with applicable data privacy laws and to reassure customers of data privacy and security.